b"               OFFICE OF\n               INSPECTOR\n               GENERAL\n               UNITED STATES POSTAL SERVICE\n\n\n\n\n   U.S. Postal Service Data Governance\n\n                       Audit Report\n\n\n\n\n                                              April 23, 2013\n\n\nReport Number DP-AR-13-004(R)\n\x0c                                                                            April 23, 2013\n\n                                                                     U.S. Postal Service\n                                                                      Data Governance\n\n                                                      Report Number DP-AR-13-004(R)\n\n\n\nBACKGROUND:\nThe U.S. Postal Service operates one of       WHAT THE OIG FOUND:\nthe largest information technology            The Postal Service could improve\ninfrastructures in the world and has an       management of critical data to assist\ninventory of 795 computer applications.       managers and employees to achieve\nData from many of those applications          strategic and operational goals. We\nare collected into data repositories and      identified 148 data-related issues in OIG\nshared widely within the Postal Service.      reports issued in FYs 2009 through\nUsing those assets to make informed           2012. The majority of the issues\ndecisions is particularly important for the   involved unreliable or inaccurate data or\nPostal Service, as declining revenue,         were caused by an absence of policies\nthe struggling national economy, and          or the Postal Service not enforcing\nthe increasingly digital nature of the        existing policies.\nworld threaten its core business. One of\nits key strategies is to leverage its         Although the Postal Service defined a\nstrengths by integrating data to improve      structure for a data governance program\nbusiness decisions.                           in 2003, full roles and responsibilities\n                                              were not uniformly adopted across the\nIn fiscal year (FY) 2012, the U.S. Postal     enterprise. Also, limitations in the Postal\nService Office of Inspector General           Service\xe2\x80\x99s data governance program\n(OIG) conducted a series of audits            placed the Postal Service at risk to\nrelated to how the Postal Service uses        potential vulnerabilities that could affect\ndata to manage its operations. We also        data quality, availability, and integrity\nexamined data governance, the process         and result in inefficient operations,\nto ensure that data are managed and           disruptions of service, and fraud.\nfully utilized, in six best-in class\ncompanies to identify best practices that     We identified best practices used by\nthe Postal Service might adopt to             companies with successful data\noptimize resources and efforts.               governance programs. We used these\n                                              best practices to identify a possible\nOur objective was to determine whether        implementation strategy.\nthe Postal Service was effectively\nmanaging and using data in a manner           WHAT THE OIG RECOMMENDED:\nthat assists employees in achieving           We recommended implementing a\nstrategic and operational goals.              formal, enterprise-wide data governance\n                                              program.\n\n                                              Link to review the entire report\n\x0cApril 23, 2013\n\nMEMORANDUM FOR:            ELLIS A. BURGOYNE\n                           CHIEF INFORMATION OFFICER AND EXECUTIVE VICE\n                           PRESIDENT\n\n\n\n\nFROM:                      John E. Cihota\n                           Deputy Assistant Inspector General\n                            for Financial and Systems Accountability\n\nSUBJECT:                   Audit Report \xe2\x80\x93 U.S. Postal Service Data Governance\n                           (Report Number DP-AR-13-004(R))\n\nThis report presents the results of our audit of U.S. Postal Service Data Governance\n(Project Number 12BG007FF000).\n\nWe appreciate the cooperation and courtesies provided by your staff. If you have any\nquestions or need additional information, please contact Kevin H. Ellenberger, director,\nData Analysis and Performance, or me at 703-248-2100.\n\nAttachments\n\ncc: James P. Cochrane\n    John T. Edgar\n    Corporate Audit and Response Management\n\x0cU.S. Postal Service Data Governance                                                                            DP-AR-13-004(R)\n\n\n\n\n                                               TABLE OF CONTENTS\n\nIntroduction ..................................................................................................................... 1\n\nConclusion ...................................................................................................................... 1\n\nLimitations in the Postal Service\xe2\x80\x99s Data Governance Program ....................................... 2\n\n   Inconsistent Corporate-Wide Data Strategy ................................................................ 3\n\n   Unreliable and Inaccurate Data ................................................................................... 4\n\n   Data Inconsistencies within the Enterprise Data Warehouse ...................................... 5\n\n   Insufficient Information Technology Security Measures............................................... 5\n\n   Difficulties with Accessing and Sharing Data ............................................................... 6\n\n   Opportunities to Improve the Postal Service\xe2\x80\x99s Data Governance Program ................. 7\n\nRecommendation ............................................................................................................ 8\n\nManagement\xe2\x80\x99s Comments .............................................................................................. 9\n\nEvaluation of Management\xe2\x80\x99s Comments ......................................................................... 9\n\nAppendix A: Additional Information ............................................................................... 10\n\n   Background ............................................................................................................... 10\n\n   Objective, Scope, and Methodology .......................................................................... 11\n\n   Prior Audit Coverage ................................................................................................. 13\n\nAppendix B: List of Profiled Organizations and Rationale for Selection ........................ 15\n\nAppendix C: Data Governance Best Practices .............................................................. 16\n\nAppendix D: Suggested Best Practice Implementation Timeline ................................... 24\n\nAppendix E: Management's Comments ........................................................................ 27\n\x0cU.S. Postal Service Data Governance                                                              DP-AR-13-004(R)\n\n\n\n\nIntroduction\n\nThis report presents the results of our audit of U.S. Postal Service Data Governance\n(Project Number 12BG007FF000). For fiscal year (FY) 2012, the U.S. Postal Service\nOffice of Inspector General (OIG) conducted a series of audits related to how the Postal\nService uses data to manage its operations. This capping report focuses upon the data\ngovernance issues we found in those audits and other OIG audits conducted over the\nlast 4 years as well as additional analysis conducted. Our objective was to determine\nwhether the Postal Service was effectively managing and using data in a manner that\nassists employees in achieving strategic and operational goals. This self-initiated audit\naddresses strategic risk. See Appendix A for additional information about this audit.\n\nThe Postal Service operates one of the largest information technology (IT)\ninfrastructures in the world and has an inventory of 795 computer applications. Data\nfrom many of those applications is collected into data stores and shared widely within\nthe Postal Service. Using those assets to make informed decisions is particularly\nimportant for the Postal Service, as declining revenue, the struggling national economy,\nand the increasingly digital nature of the world threaten its core business. Organizations\ninitiate data governance programs to strategically address issues similar to those faced\nby the Postal Service.\n\nData governance is the management process ensuring important data assets are\nformally managed and fully utilized throughout the organization. A 2008 survey1\nrevealed three primary factors that provide the impetus for data governance initiatives:\nrisk mitigation, revenue optimization, and cost control. Additionally, recent industry\nstudies on the cost of poor data governance estimate that organizations, on average,\nspend $5-$8.2 million annually due to data quality issues. This cost is driven primarily\nby the loss of end-user productivity that results from poorly organized, low quality, and\ninaccessible data, and bad business decisions based on that data.\n\nConclusion\n\nThe Postal Service could improve management of critical data to assist managers and\nemployees in achieving strategic and operational goals. We reviewed and analyzed OIG\nreports issued in FYs 2009 through 2012 and identified limitations in the Postal\nService\xe2\x80\x99s data governance program, which include:\n\n\xef\x82\xa7   Inconsistent corporate-wide data strategy.\n\xef\x82\xa7   Unreliable and inaccurate data.\n\xef\x82\xa7   Data inconsistencies within the Enterprise Data Warehouse (EDW).2\n\n1\n Information Age magazine surveyed 279 organizations.\n2\n EDW is a central, enterprise-wide database that contains information extracted from operational systems. Data\ngovernance initiatives look to organize and centralize data warehouses to ensure data are stored correctly.\n                                                           1\n\x0cU.S. Postal Service Data Governance                                                           DP-AR-13-004(R)\n\n\n\n\xef\x82\xa7   Insufficient IT security measures.\n\xef\x82\xa7   Difficulties with accessing and sharing data.\n\nAlthough the Postal Service defined a framework for a data governance program in a\n2003 management instruction,3 full roles and responsibilities were not uniformly adopted\nacross all enterprise business units. In addition, the Postal Service did not create\nformalized enterprise-wide data governance programs with structures, policies, and\nprocesses to govern data storage and use. Because of limitations in the Postal\nService\xe2\x80\x99s data governance program, the Postal Service risks potential vulnerabilities\nthat could hamper the quality, availability, and integrity of the organization\xe2\x80\x99s data and\nresult in inefficient operations, disruptions of service, and potential fraud.\n\nOur report outlines 34 industry data governance best practices the Postal Service\nshould consider to foster and institutionalize a strong culture and capability for a data\ngovernance program.\n\nLimitations in the Postal Service\xe2\x80\x99s Data Governance Program\n\nCurrently, the Postal Service does not have a comprehensive, centralized data\ngovernance program that better allows it to provide quality data that can be easily or\ninstantly accessed, essential to ensuring that managers can accomplish their goals,\nfurther reduce costs, and improve decision making. For example, improved data quality\nand availability will enable business users to more effectively analyze corporate data to\nidentify opportunities for cost savings and new revenue streams.\n\nThe Postal Service defined a program for a data governance program in its 2003\nManagement Instruction AS-860-2003-2. The guidance included roles and\nresponsibilities for the data stewards, portfolio managers, and business area executive\nsponsors. However, full roles and responsibilities were not uniformly adopted across the\nPostal Service's business units. For example, IT management require business areas to\nselect a data steward if they store data in the EDW. However, data stewards are not in\nplace to support the integrity of other critical data assets under the control of\nthe business areas, as required. Therefore, the Postal Service lacks consistent\nenterprise -wide data management policies and organizational structures to supervise\ndata governance across different functional areas.\n\nThe Postal Service is committed to providing an IT infrastructure that supports\ncustomer, corporate, and business needs. As stated in Vision 2013,4 one of the Postal\nService\xe2\x80\x99s key strategies is to leverage its strengths by integrating data to improve\nbusiness decisions. In doing so, the Postal Service must update data systems and\nprovide a centralized data governance program to standardize reporting and eliminate\nduplicate processes. Additionally, one of the Deliver Results, Innovation, Value, and\n\n\n3\n  Management Instruction AS-860-2003-2, Data Stewardship: Data Sharing Roles and Responsibilities, dated\nMarch 6, 2003.\n4\n  Vision 2013, Five-Year Strategic Plan for 2009-2013, October 2008.\n\n                                                       2\n\x0cU.S. Postal Service Data Governance                                                                  DP-AR-13-004(R)\n\n\n\nEfficiency (DRIVE) strategic priorities5 is enabling and empowering systems that aim to\nposition the Postal Service for future success.\n\nDuring our audit, we reviewed and analyzed OIG reports issued during FYs 2009\nthrough 2012 and identified 148 data-related issues. These past reports identified\nsignificant measurable benefits that could be realized if data were better managed. We\ncategorized those findings within the five component areas of data governance.\n\nInconsistent Corporate-Wide Data Strategy\n\nCorporate-wide data strategy describes the strategic approach to establishing and\nmaintaining a data governance program. Successful data governance programs require\nclear delineation of roles and responsibilities of corporate stakeholders, a visible and\nactive leadership structure, and a defined strategic plan. During our review of OIG\nreports, we noted conditions related to corporate-wide data strategy that may have been\nprevented by a strengthened data governance program. For example:\n\n\xef\x82\xa7   The Postal Service did not have a consistent strategy or approach for determining\n    the risks and benefits of implementing cloud computing technology.6 Having a\n    consistent strategy and approach to cloud computing technology would allow\n    management to develop an optimal cloud computing model to increase business\n    and operating efficiency and lower infrastructure cost. We estimated an annual\n    potential cost savings of $2.6 million using cloud computing technology to support IT\n    operations and infrastructure.\n\n\xef\x82\xa7   The Postal Service\xe2\x80\x99s highway contract routes (HCR) data retention policies did not\n    require maintenance of detailed data beyond 120 days for historical analyses and for\n    future HCR planning, contract renewal, and contractual or legal challenges by\n    contractors.7 Additionally, the Postal Service did not develop an overall strategic\n    framework and operational plan for using Global Positioning System technology.\n\n\xef\x82\xa7\n\n\n\n\n5\n  DRIVE is a management process the Postal Service is using to improve business strategy development and\nexecution. There are eight DRIVE strategic priorities, which include: Infrastructure and Operations Optimization, Total\nLabor Cost, Product and Services Growth, Enabling and Empowering systems, Robust Stakeholder Management,\nRobust Employee Engagement, Financial Capabilities and Cash Management, and Executive Transparency.\n6\n  Cloud Computing (Report Number IT-AR-12-006, dated May 9, 2012).\n7\n  Global Positioning System Technology for Highway Contract (Report Number NL-AR-12-009, dated\nSeptember 21, 2012).\n\n\n\n\n                                                           3\n\x0cU.S. Postal Service Data Governance                                                                 DP-AR-13-004(R)\n\n\n\n\nUnreliable and Inaccurate Data\n\nData quality and consistency refer to the standards and definitions that guarantee data\nare reliable, accurate, and effective when stored in a database. This component of the\ndata governance program includes specific policies, organizational structures, and\nquality assessment methods that allow business users and functional areas to create,\ndownload, and store data while minimizing errors and data conflicts. During our review\nof OIG reports, we noted conditions related to data quality that might have been\nprevented by a strengthened data governance program. For example:\n\n\xef\x82\xa7    Staff did not monitor and correct contract postal unit and Post Office\xe2\x84\xa2 meter\n     variances because documented procedures requiring such activities did not exist.10\n     We reviewed variances from October 2003 through March 2012 and found\n     867 meters with usage exceeding reported revenue by about $5.6 million.\n\n\xef\x82\xa7\n\n\n\n\n\xef\x82\xa7    Our audit of carrier contributions to revenue generation and customer service\n     showed management might be missing key opportunities to grow revenue due to\n     incomplete data on sales leads.13\n\n\xef\x82\xa7    Postal Service employees did not always accurately record critical data fields in the\n     Electronic Facilities Management System (eFMS) database.14 We found owned\n     properties smaller than 10,000 square feet often have inaccurate interior and site\n     square footage measurements. Sixty-eight percent (or 151 of the 222 errors in our\n     sample) occurred primarily because of eFMS system design limitations.15\n\n\n\n\n10\n   Processing of Meter Activity (Report Number FT-AR-12-012, dated September 6, 2012).\n11\n   The Manifest System is accessible from the Point-of-Sale and Advanced Computing Environment workstations.\n12\n   U.S. Postal Service Export Controls Monitoring Program (Report Number FT-MA-12-003, dated\nSeptember 14, 2012).\n13\n   Carrier Contributions to Revenue Generation and Customer Service (Report Number MS-AR-12-005, dated\nJune 19, 2012).\n14\n   The eFMS database is the official Postal Service record for real property inventory, used to manage all property-\nrelated projects including acquisition, disposal, and repairs.\n15\n   Accuracy of the Electronic Facilities Management System (Report Number DA-AR-12-004, dated\nSeptember 28, 2012).\n\n                                                          4\n\x0cU.S. Postal Service Data Governance                                                                 DP-AR-13-004(R)\n\n\n\n\nData Inconsistencies within the Enterprise Data Warehouse\n\nEDW is a central, enterprise-wide database that contains information extracted from\noperational systems. Data governance initiatives look to organize and centralize data\nwarehouses to ensure data are stored correctly. During our review of OIG reports and\ninterviews with employees, we noted conditions related to storing data in and retrieving\ndata from the EDW that may have been prevented by a strengthened data governance\nprogram. For example:\n\n\xef\x82\xa7      Our review of the chief information officer (CIO) organization\xe2\x80\x99s budget and actual\n       expense data for FYs 2010 and 2011, extracted from EDW, revealed misaligned\n       finance numbers and incorrect aggregations of data. The 40 misaligned finance\n       numbers resulted in inaccuracies of $14.9 million of the $1.04 billion year-to-date\n       expenditures.16\n\n\xef\x82\xa7      Although Finance established an internal team to support Finance organizational\n       activities related to the data warehouse, some other functional areas rely on\n       contractors with no Postal Service operational knowledge. It can be difficult for the\n       contractors to define metrics, templates, and filters for meaningful ad hoc and\n       standard reports.\n\nInsufficient Information Technology Security Measures\n\nThe risk and security component area of data governance encompasses risk\nmanagement policies and monitoring activities implemented within an organization to\neliminate unauthorized data access and theft. During our review of OIG reports, we\nnoted conditions that potentially compromise IT security that might have been prevented\nby a strengthened data governance program. For example:\n\n\xef\x82\xa7      Certification and Accreditation (C&A) is a formal security analysis and management\n       approval process used to assess risk before an application is put into production.\n       Management deployed at least 228 applications classified as critical to Postal\n       Service operations into production before completing the required C&A process.17\n       This occurred because Corporate Information Security (CIS) did not have the\n       authority necessary to enforce and execute its responsibilities when dealing with\n       individuals outside the CIS reporting structure or whose positions were more senior\n       within the organization.\n\n\xef\x82\xa7\n\n\n\n16\n     Chief Information Officer\xe2\x80\x99s Budget Data (Report Number IT-AR-11-007, dated August 25, 2011).\n17\n     State of Security (Report Number HR-AR-12-005, dated September 12, 2012).\n\n\n\n\n                                                          5\n\x0cU.S. Postal Service Data Governance                                                            DP-AR-13-004(R)\n\n\n\n\n\xef\x82\xa7    Only 3,878 of the more than 340,000 required users Postal Service-wide (about\n     1 percent) completed the required initial and annual information security awareness\n     training in FY 2011.21\n\n\xef\x82\xa7\n\n\n\n\nDifficulties with Accessing and Sharing Data\n\nData utilization describes end-user ability to effectively access, manipulate, share, and\ncreate data without assistance of IT personnel. Organizations can provide business\nuser-friendly tools to enable personnel to easily generate, modify, and share analytical\nreports employing corporate data. During our review of OIG reports, we noted\nconditions related to data retrieval that may have been prevented by a strengthened\ndata governance program. For example:\n\n\xef\x82\xa7    City delivery operations data were voluminous, not 'real time,' and some of the\n     reports were not 'exception-based,' which would facilitate management actions.23\n\n\xef\x82\xa7    The Postal Service enters into revenue sharing agreements with various partners\n     who are more efficient at providing certain services and products. Management did\n     not maintain a central repository for revenue sharing agreements to ensure timely,\n     efficient, and accurate retrieval of information; and policies and procedures on\n     establishing and monitoring revenue sharing agreements were not clear. 24\n\n\xef\x82\xa7    Enterprise Consumer Care25 system performance and data issues, including\n     outages and slow performance, have hindered the Postal Service\xe2\x80\x99s ability to\n     efficiently address and resolve complaints.26\n\n\n\n20\n   State of Corporate Information Technology Security (Report Number IT-AR-12-001, dated October 21, 2011).\n21\n   Security Training Awareness Program (Report Number IT-AR-12-008, dated June 25, 2012).\n22\n   Virtualization Technology (Report Number IT-AR-12-007, dated May 18, 2012).\n23\n   Delivery Operations Data Usage (Report Number DR-AR-13-001, dated October 11, 2012).\n24\n   Revenue Sharing Agreements (Report Number FI-AR-12-004, dated September 14, 2012).\n25\n   Records and tracks customer complaint information for small businesses and residential customers.\n26\n   Customer Complaint Resolution Process (Report Number MS-AR-12-007, dated September 10, 2012).\n\n                                                       6\n\x0cU.S. Postal Service Data Governance                                                               DP-AR-13-004(R)\n\n\n\n\xef\x82\xa7    Mail processing managers did not always have sufficient information regarding mail\n     processing data. Managers and employees said the availability of data are generally\n     good but could be improved. For example, data from the Intelligent Mail \xc2\xae barcode\n     (IMb) is not readily available for 7 to 10 days. Because this is not a real-time system,\n     most data can only be used for \xe2\x80\x98after-the-fact\xe2\x80\x99 analysis. Additionally, some mailers\n     using IMb have more access to real-time data on mail processing and delivery than\n     is available to Postal Service employees in the plants.27\n\n\xef\x82\xa7    The Postal Service did not always use Powered Industrial Vehicle Management\n     System (PIVMS)28 data as intended and, consequently, had not realized all possible\n     efficiency improvements from the system. 29 Specifically, it did not use it to manage\n     equipment operator productivity, schedule preventive maintenance, monitor vehicle\n     battery usage, or identify opportunities to reduce vehicle inventory. Management\n     was not aware of any established national goals or requirements to use the PIVMS\n     to increase operational efficiency, had little confidence in the accuracy of system\n     reports or design features, and had not trained all supervisors who use the PIVMS.\n\nOpportunities to Improve the Postal Service\xe2\x80\x99s Data Governance Program\n\nHad the Postal Service implemented a centralized data governance program, we\nbelieve many of the issues identified in prior OIG reports might not have occurred. To\nidentify how leading private sector organizations foster and institutionalize data\ngovernance programs, we researched best practices and processes with six companies\nthat had advanced data governance frameworks, policies, and practices for an in-depth\nstudy. See Appendix B for the rationale for the companies selected.\n\nOur work identified 34 best practices the Postal Service can consider to foster and\ninstitutionalize a strong culture and capability for a data governance program. We\nexplain these best practices and provide examples of how the companies apply them in\ndetail in Appendix C. We used these 34 best practices to develop an implementation\nstrategy that is divided into three phases. The phased implementation provides an\nimplementation approach allowing management to establish general, broad policies\nbefore taking more specific, technical actions.\n\nPhase I:\n\n1. Assess existing data management practices and policies.\n\n2. Develop organizational structure to support the governance initiative.\n\n3. Appoint data stewards within each business unit.\n\n27\n   Timeliness of Mail Processing at Processing and Distribution Centers (Report Number NO-AR-12-010, dated\nSeptember 28, 2012).\n28\n   The PIVMS consists of intelligent wireless devices installed on powered industrial vehicles and client-server\nsoftware for access control, utilization analysis, real-time location tracking, and many other functions.\n29\n   Powered Industrial Vehicle Management System at the Indianapolis Processing and Distribution Center (Report\nNumber NO-AR-10-004, dated March 29, 2010).\n\n                                                         7\n\x0cU.S. Postal Service Data Governance                                          DP-AR-13-004(R)\n\n\n\n\n4. Secure buy-in from business units.\n\nPhase II:\n\n5. Develop data performance measures.\n\n6. Take inventory of organizational data.\n\n7. Develop standardized data definitions.\n\n8. Initiate data quality assessments, beginning with top priority data assets.\n\nPhase III:\n\n9. Develop and integrate risk management policies.\n\n10. Develop a data classification system.\n\n11. Develop best-in-class warehousing architecture and management policies.\n\n12. Enhance business user tools and support.\n\nSee Appendix C for a more detailed explanation of this implementation approach. The\nPostal Service can improve the quality and availability of its data by implementing these\nsteps. Adopting and enforcing these practices would:\n\n\xef\x82\xa7   Ensure data are reliable, accurate, consistent, and effective.\n\xef\x82\xa7   Allow consistent definitions for data across the enterprise, minimizing errors.\n\xef\x82\xa7   Provide a clear protocol and corporate structure.\n\xef\x82\xa7   Allow stakeholders to access, interact with, create and share data seamlessly.\n\xef\x82\xa7   Minimize risk of a security breach or data corruption.\n\nWhile it may not be practical for the Postal Service to implement all 12 steps at once, it\nshould implement them over a defined period. See Appendix D for suggested best\npractice implementation timeline.\n\nRecommendation\n\nWe recommend the chief information officer and executive vice president:\n\n1. Direct the vice president, Information Technology, to implement a formal, enterprise-\n   wide data governance program.\n\n\n\n\n                                             8\n\x0cU.S. Postal Service Data Governance                                        DP-AR-13-004(R)\n\n\n\n\nManagement\xe2\x80\x99s Comments\n\nManagement agreed with the finding and, subsequent to their formal response, the\nrecommendation in this report. Management has begun establishing a formal,\nenterprise-wide, data governance program and has established September 30, 2013,\nfor program implementation.\n\nSee Appendix E for management\xe2\x80\x99s comments, in their entirety.\n\nEvaluation of Management\xe2\x80\x99s Comments\n\nThe OIG considers management\xe2\x80\x99s comments responsive to the recommendation and\ncorrective actions should resolve the issues identified in the report.\n\nThe OIG considers the recommendation significant, and therefore requires OIG\nconcurrence before closure. Consequently, the OIG requests written confirmation when\ncorrective action is completed. This recommendation should not be closed in the Postal\nService\xe2\x80\x99s follow-up tracking system until the OIG provides written confirmation that the\nrecommendation can be closed.\n\n\n\n\n                                            9\n\x0cU.S. Postal Service Data Governance                                                               DP-AR-13-004(R)\n\n\n\n\n                                   Appendix A: Additional Information\n\nBackground\n\nThe Postal Service operates one of the largest IT infrastructures in the world and has an\ninventory of 795 computer applications. Data from many of those applications are\ncollected into data stores and shared widely within the Postal Service. However,\nemployees may not always have access to data they need. In many of the OIG\xe2\x80\x99s past\naudits and risk modeling efforts, the OIG has noticed that postal data are often\nvoluminous but not always organized for ease of use in management decision making.\n\nFor FY 2012, the OIG embarked on a series of audits30 related to how the Postal\nService uses data to manage its operations. Most directorates identified one or more\naudits that specifically addressed the use of data. We coordinated the overall efforts to\nidentify better ways of using data for decision making and workforce planning. In\naddition, we focused our audit on Postal Service data governance and identified best\npractices in best-in class companies.\n\nData governance is the management process ensuring important data assets are\nformally managed and fully utilized throughout the enterprise. The term data\ngovernance describes organizational structures, policies, and practices that govern data\nmanagement and use. Generally, data governance programs are comprised of core\ncomponent areas:\n\n\xef\x82\xa7      Corporate-wide data strategy - corporate structure and defined protocol of data\n       governance program.\n\n\xef\x82\xa7      Data quality and consistency - parameters and data definitions developed to ensure\n       data are reliable, accurate, consistent, and effective when stored in a database.\n\n\xef\x82\xa7      Data location and warehousing - effective storage of data within data warehouses.\n\n\xef\x82\xa7      Risk and security - security measures enforced by data owners and data managers\n       to minimize risk.\n\n\xef\x82\xa7      Data utilization - capabilities allowing business users31 to access, manipulate,\n       create, and share data seamlessly.\n\nFigure 1 summarizes the five components of a successful data governance program:\n\n\n\n\n30\n     There were 14 use-of-data projects announced, of which six reports were issued in FY 2012.\n31\n     Business users are non-IT personnel that employ and access corporate data.\n\n                                                          10\n\x0cU.S. Postal Service Data Governance                                         DP-AR-13-004(R)\n\n\n\n\n                       Figure 1. Five Components of Data Governance\n\n\n\n\nSource: Kaiser Associates.\n\nEnhancements to enterprise-wide data, derived via a formalized data governance\nprogram, will lead to more informed decision making for executive management and\nbusiness users, improved responsiveness to business needs and overall operational\nsavings.\n\nObjective, Scope, and Methodology\n\nOur objective was to determine whether the Postal Service was effectively managing\nand using data in a manner that assists employees in achieving strategic and\noperational goals. To accomplish our objective, we:\n\n\xef\x82\xa7   Reviewed Postal Service strategies and analyzed the requirements and availability\n    of data to support them.\n\n\xef\x82\xa7   Reviewed data governance-related research by reading articles from online\n    resources.\n\n\xef\x82\xa7   Provided 'use of data' project teams with audit steps and a questionnaire to collect\n    information from Postal Service officials regarding the organization, quality, and\n\n\n                                            11\n\x0cU.S. Postal Service Data Governance                                                              DP-AR-13-004(R)\n\n\n\n     accessibility of data. We received and reviewed 78 responses from the project\n     teams.\n\n\xef\x82\xa7    Reviewed and analyzed OIG reports32 issued in FYs 2009 through 2012 and\n     identified 148 data-related issues.\n\n\xef\x82\xa7    Engaged Kaiser Associates to identify how leading private sector companies foster\n     and institutionalize a data governance program:\n\n     o Conducted secondary research on data governance programs among private\n       organizations to determine the best companies for study. Identified about\n       20 organizations noted for excellence in data governance.\n\n     o Conducted interviews with data governance practitioners and stakeholders at\n       the 20 identified companies to test the sophistication of each corporate data\n       governance program, in order to narrow the pool of target companies.\n\n     o Identified six companies with advanced data governance programs for an in-\n       depth study.33\n\n     o Conducted interviews with internal Postal Service stakeholders to identify\n       current data governance practices and concerns at Postal Service.\n\n     o Analyzed interview findings from all six companies to distill best practices from\n       this research.\n\n \xef\x82\xa7   Presented our preliminary list of best practices to Postal Service management and\n     obtained input on the applicability to the agency.\n\nWe conducted this performance audit from February 2012 through April 2013 in\naccordance with generally accepted government auditing standards and included such\ntests of internal controls as we considered necessary under the circumstances. Those\nstandards require that we plan and perform the audit to obtain sufficient, appropriate\nevidence to provide a reasonable basis for our findings and conclusions based on our\naudit objective. We believe that the evidence obtained provides a reasonable basis for\nour findings and conclusions based on our audit objective. We discussed our\nobservations and conclusions with management on March 12, 2013, and included their\ncomments where appropriate.\n\nWe did not test the validity of controls over the Postal Service systems. We relied on the\nteams that conducted the 'use of data' audits to verify the accuracy of the data with\nPostal Service managers and other postal data sources. We determined that the data\nwere sufficiently reliable for the purposes of this report.\n\n32\n   The total number of reports included six data usage reports issued in FY 2012.\n33\n   In-depth study incorporated multiple primary research interviews with company subject matter experts. Conducted\ninterviews with IT and business personnel in identified companies to outline data governance best practices.\n\n                                                        12\n\x0cU.S. Postal Service Data Governance                                       DP-AR-13-004(R)\n\n\n\nPrior Audit Coverage\n\nIn FY 2012, the OIG conducted a series of audits related to how the Postal Service uses\ndata to manage its operations. Although other previously conducted audits identified\ndata-related issues, they were not audits of data governance.\n\n                                                                           Monetary\n                                                       Final Report       Impact (in\n           Report Title            Report Number           Date            millions)\nAccuracy of the Electronic        DA-AR-12-004          9/28/2012           None\nFacilities Management System\nReport Results:\nPostal Service employees did not always accurately record critical data fields. We\nrecommended management modify eFMS to address inconsistency in data entry.\nOverall, management agreed that eFMS had inconsistent data with incomplete fields in\nmany cases.\n\n\nTimeliness of Mail Processing       NO-AR-12-010            9/28/2012          None\nat Processing and Distribution\nCenters\nReport Results:\nThe Postal Service made progress in improving the timeliness of mail processing by\nreducing the amount of delayed mail from the previous year and improving service\nperformance for the timely delivery of mail. However, through Quarter 3, FY 2012, about\n1.4 billion pieces of mail have been delayed. Management agreed with our\nrecommendations to reduce the amount of delayed mail in the network and ensure that\nfield personnel are properly trained in the color-coding of Standard Mail as well as the\ncounting and reporting of delayed mail in accordance with policies.\n\n\n\n\n                                          13\n\x0c    U.S. Postal Service Data Governance                                         DP-AR-13-004(R)\n\n\n\n\n                                                         Final Report        Monetary\n          Report Title               Report Number            Date             Impact\nUse of Data Within Finance and FF-AR-12-005                9/20/2012            None\nPlanning\xe2\x80\x99s Field Budget\nProcess\nReport Results:\nThe Postal Service closed the Southeast Area in February 2011; however, it did not\nmove all the Southeast Area\xe2\x80\x99s administrative office\xe2\x80\x99s financial data to an active Postal\nService area through July 2012. We recommended using financial data to inform senior\nmanagement and other responsible parties of issues requiring resolution, such as\nongoing financial activity and contractual commitments and elevate those issues until\nresolved. Management agreed with our recommendations.\n\nRevenue Sharing Agreements           FI-AR-12-004          9/14/2012           $1.4\nReport Results:\nManagement did not implement a process to validate postage and production revenue\ndata or require the alliance partner to provide monthly data on web traffic. Management\nagreed with our recommendations to implement a process to monitor and communicate\ngoals with revenue sharing agreement partners. However, management disagreed with\nour recommendation to verify registrations and purchases beyond what is currently in\nplace.\n\nCustomer Complaint Resolution MS-AR-12-007                 9/10/2012         $26.4\nProcess\nReport Results:\nThe Postal Service was not efficiently and effectively resolving customer complaints.\nSpecifically, staff members were closing complaints before customers considered their\ncases resolved. We recommended the Postal Service develop a mechanism to\nincorporate customer feedback regarding complaint resolution into the system.\nManagement agreed with the recommendations.\n\nContract Management Data \xe2\x80\x93         CA-AR-12-005          8/9/2012          None\nTransportation Contract\nSupport System\nReport Results:\nThe Transportation Contract Support System contained accurate data for all HCRs we\nreviewed. Because of the implementation of our prior recommendation regarding\ncontract funding approvals, we did not make any recommendations.\n\n\n\n\n                                                14\n\x0cU.S. Postal Service Data Governance                                                    DP-AR-13-004(R)\n\n\n\n        Appendix B: List of Profiled Organizations and Rationale for Selection\n\nInitial research identified six organizations with best-in-class data governance programs\nfor deep-dive best practices research. These organizations can be grouped into three\ngeneral categories as shown in Table 1:\n\nCategory 1: Decentralized Best-in-Class Data Governance Programs: Organizations\nthat maintain a decentralized data governance structure but deploy best-in-class\npolicies around data quality, warehousing, and risk management.\n\nCategory 2: Centralized Best-in-Class Data Governance Programs: Organizations that\nadopted a centralized data governance structure to successfully manage enterprise\ndata.\n\nCategory 3: In-Transition Best-in-Class Data Governance Programs: Organizations\ncurrently undergoing major changes to internal data governance programs following\nacquisition of new assets or internal reorganization.\n\n                            Table 1. List of Profiled Organizations\n\n   Company              Category                        Rationale for Selection\n                                      \xef\x82\xa7   Advanced data quality and warehousing developed in concert\n                                          with company growth.\n                                      \xef\x82\xa7   Data quality maintained with expansion to new business\n                                          sectors.\n   Company A            Category 1    \xef\x82\xa7   Best-in-class data risk and security policies.\n                                      \xef\x82\xa7   Dedicated data governance team, including a steering\n                                          committee, data stewards, and subject matter experts.\n                                      \xef\x82\xa7   Recently invested in data governance 'toolkit' to improve data\n   Company B                              consistency, quality, and integration.\n                                      \xef\x82\xa7   Sophisticated data governance program with codified data\n                                          management structure.\n                                      \xef\x82\xa7   Data stewards and data architects work with business silos to\n   Company C                              ensure data quality and consistency.\n                                      \xef\x82\xa7   Best-in-class data governance program with dedicated teams\n                                          and enterprise-wide data parameters and definitions.\n   Company D            Category 2    \xef\x82\xa7   Real-time data update and analytics capabilities.\n                                      \xef\x82\xa7   Data warehouse steering committee established to oversee\n                                          data governance program following a merger.\n                                      \xef\x82\xa7   Data warehouse managers ensure data governance structures\n   Company E                              are maintained by silos.\n                                      \xef\x82\xa7   Formal data governance initiative began in 2011, with\n                                          investment in data stewards and architects.\n                                      \xef\x82\xa7   Data governance initiative road map preserved following major\n   Company F            Category 3        a acquisition.\nSource: OIG analysis.\n\n\n\n\n                                                 15\n\x0cU.S. Postal Service Data Governance                                                            DP-AR-13-004(R)\n\n\n\n\n                         Appendix C: Data Governance Best Practices\n\nThe best practices provided below apply to management of structured and unstructured\ndata.34 In particular, while systems and processing tools may differ by data type, overall\ndata management policies encompass all data types. The items following summarize\nfive components of a successful data governance program:\n\nI. Corporate-Wide Data Strategy Best Practices\n\nInitiation of Data Governance\n\n1. Identify and involve key organizational stakeholders in data governance\n   implementation process via a central data governance committee. Best-in-class\n   organizations institute a committee structure to drive the data governance policy\n   creation and implementation process because it allows involvement of a wide range\n   of stakeholders. This structure is favored by executives as it offers opportunities to\n   involve business leaders across the enterprise and help gain traction throughout all\n   business units.\n\n2. Secure executive-level sponsorship to drive adoption of data governance program\n   across the organization \xe2\x80\x94 executive-level sponsorship is necessary to drive data\n   governance traction within the organization. As Postal Service\xe2\x80\x99s own experience\n   shows, when new policies are introduced without sufficient sponsorship from\n   organizational leadership, they are at best implemented inconsistently, or at worst,\n   disregarded completely. To assure success of a data governance initiative, best-in-\n   class organizations involve an executive-level sponsor to promote and champion the\n   program. This executive serves as an advocate for the program and a last point of\n   escalation if stakeholders do not cooperate with program policies.\n\n3. Demonstrate the business case for a formalized enterprise data governance\n   program to secure buy-in from business area executive sponsors \xe2\x80\x94 Data\n   governance stakeholders at best-in-class organizations meet personally with\n   business leaders to demonstrate the advantages (cost savings, productivity benefits)\n   and the business case for data governance and obtain business unit participation.\n   Both group educational sessions and one-on-one meetings with organizational\n   leaders are needed to fully demonstrate the benefits of enterprise-wide data\n   governance and secure organization-wide participation in program implementation.\n\n4. Conduct an analysis of existing data governance policies within individual business\n   units \xe2\x80\x94 Rather than building new policies from scratch, best-in-class organizations\n   use existing policies as templates. By conducting surveys, organizations are able to\n   identify existing policies for potential replication on an enterprise-wide level. A data\n   governance initiative can thus minimize the burden of change on business units by\n34\n  Structured data have identifiable structures, most commonly based on methodology of rows and columns.\nUnstructured data, by comparison, do not have identifiable structures.\n\n                                                      16\n\x0cU.S. Postal Service Data Governance                                        DP-AR-13-004(R)\n\n\n\n   simply extending tried and true methods of data management beyond a single silo\n   (or group of silos).\n\n5. Carry out a complete inventory of existing data stored within business unit\n   warehouses \xe2\x80\x94 By mapping existing data assets, organizations can best design and\n   implement governance policies. The goal of the inventory process is to determine\n   what data assets the organization currently owns and determine in which locations\n   the assets are stored. With a comprehensive inventory at hand, the data governance\n   committee can accurately assign data management responsibilities, develop a\n   warehousing/storage strategy, and analyze data needs. Without a proper\n   understanding of organizational data holdings, the data governance organization\n   cannot accurately plan data governance program implementation or develop\n   appropriate data accountability policies.\n\nRoles and Responsibilities\n\n6. Assign data steward responsibilities to individuals within business units and the IT\n   organization to develop and oversee data governance policies \xe2\x80\x94 Best-in-class\n   organizations assign data steward roles to existing data owners. Data stewards\n   develop policies and drive policy implementation at the business unit level. To\n   minimize the cost and organizational overhaul associated with data governance,\n   organizations typically assign data steward roles to existing personnel. Data\n   stewards must be familiar with IT capabilities as well as the needs of business users\n   to effectively implement data governance policies and monitor policy adherence.\n\n7. Assign program administrator roles with a focus on overseeing data stewardship\n   program \xe2\x80\x94 Program administrators supervise data stewards and act as liaisons\n   between data stewards and the data governance committee. This role coordinates\n   the activities of the data stewards and monitors policy implementation activities.\n   Program administrators also assess metrics such as data quality metrics and other\n   key performance indicators (KPI) to evaluate program success.\n\nData Governance Policy Development\n\n8. Drive data definition and policy creation process via the data governance committee\n   with participation of business unit leaders \xe2\x80\x94The data governance committee serves\n   as the nucleus of policy creation. The council should consult business lines to\n   secure buy-in from the organization\xe2\x80\x99s silos. This body is uniquely suited for the task\n   due to the broad-sweeping view of the enterprise operations of its membership, the\n   vested authority within the committee, and its relatively small size. However,\n   stakeholders at best-in-class organizations note that involvement of additional\n   stakeholders, such as executive sponsors or subject matter experts, can significantly\n   augment the policy creation and revision process. Furthermore, the involvement of\n   business units in a review capacity facilitates the creation of enterprise-wide\n   consensus around data governance policies.\n\n\n\n                                           17\n\x0cU.S. Postal Service Data Governance                                          DP-AR-13-004(R)\n\n\n\n9. Assess maturity of data standards in each business unit and set maturity goals\n   according to a defined timeline \xe2\x80\x94 Best-in-class organizations assess data standards\n   across business units to create business unit-specific roadmaps for achievement of\n   goals specified by data governance policies. This process begins with a formal,\n   quantitative assessment of data policy and practice maturity within each silo. Data\n   stewards and the data governance committee rate the business unit across a series\n   of data standards, such as Data Quality, Data Integration, Reporting, and so forth,\n   based on predefined policy and data parameter specifications. Then, data stewards\n   and the governance committee determine the governance goals for the business\n   unit over a defined timeline.\n\n10. Tie performance evaluation measures to business unit progress in data governance\n    policy implementation \xe2\x80\x94 To hold individuals accountable for data governance\n    implementation, best-in-class organizations incorporate data governance\n    responsibilities into the overall assessment of individual\xe2\x80\x99s performance. Best-in-class\n    organizations enact accountability measures for key stakeholders involved in the\n    data governance program, such as data stewards and business unit leaders. Such\n    measures may involve impact on individuals\xe2\x80\x99 performance ratings or bonus\n    allocation based on business unit progress in meeting data governance goals.\n    Accountability measures enhance personnel commitment to data governance\n    implementation and link data governance responsibilities to overall personnel\n    performance.\n\n11. Conduct regular educational sessions focused on data governance for all employees\n    that handle data within the organization \xe2\x80\x94 Communication of new data governance\n    policies to the business user community is essential for data governance program\n    success. Business users must be trained to properly handle data in accordance with\n    newly created policies. By equipping business users with proper data classification,\n    data storage, and retrieval skills, organizations reduce the workload of IT\n    departments and foster the adoption of data governance policies.\n\n12. Define and utilize metrics to measure data governance initiative performance across\n    the organization \xe2\x80\x94 Best-in-class organizations track metrics to measure the\n    effectiveness of data governance policies. This allows stakeholders to quantify and\n    demonstrate the impact of the governance initiative. These metrics, commonly\n    known as KPIs, typically measure data quality, probability of risk, policy compliance,\n    and cost savings. The demonstration of improvement across these areas reinforces\n    the business case for data governance and fosters business unit buy-in and end-\n    user participation.\n\nII. Data Quality and Consistency Best Practices\n\nPriority Data Identification\n\n1. Prioritize a master set of data assets during the onset of data governance\n   initiatives \xe2\x80\x94 Organizations define master data, or key business elements, before\n\n\n                                            18\n\x0cU.S. Postal Service Data Governance                                         DP-AR-13-004(R)\n\n\n\n   introducing data quality initiatives to focus efforts in a strategic manner. Because\n   these data assets represent the organization\xe2\x80\x99s priorities, all data cleansing and\n   definition efforts begin with them. Organizations typically task the data governance\n   committee with selection of high priority data assets because the body holds an\n   enterprise-wide view of data priorities.\n\nData Quality Assessment\n\n2. Identify data quality issues through multilayered data quality scorecard\n   assessments \xe2\x80\x94 Best-in-class organizations employ scorecard assessments to test\n   data for errors and provide aggregate-level and detailed views of found quality\n   issues. Designed by IT personnel, scorecards allow business users to analyze the\n   quality level of their data without IT support. If a user\xe2\x80\x99s report does not meet\n   established quality standards, the organization bars the user from uploading the\n   report to the warehouse. The user can then use the scorecard to self-diagnose\n   found issues and resubmit for approval. The process thus alerts business users of\n   quality issues and helps maintain the accuracy of data in warehouses.\n\n3. Assign scorecard development responsibility to data stewards \xe2\x80\x94 Data stewards are\n   tasked with scorecard development because they have a granular view of business\n   units\xe2\x80\x99 data. Data stewards work closely with business users to develop scorecards\n   that are both easy to use and based on parameters customized to the data assets\n   employed by the business unit.\n\n4. Design user-friendly scorecards that allow business users to self-diagnose data\n   quality issues \xe2\x80\x94 Scorecards that are user-friendly and accessible allow business\n   users to self-diagnose errors and, consequently, reduce the burden on the IT\n   organizations. If a business user receives a failing score from the quality\n   assessment, the program supplies the rationale and details of why a certain data set\n   or report failed. Business users can then self-service found quality issues and\n   resubmit their data for approval.\n\n5. Customize scorecards based on business units\xe2\x80\x99 data assets and needs \xe2\x80\x94 Best-in-\n   class organizations create customized scorecards for each business unit to enhance\n   scorecard utility. Because data assets and data usage vary widely from business\n   unit to business unit, a tailored approach to scorecard design is necessary for\n   creation of useful and accurate data quality assessments.\n\n6. Institute a clear schedule for scorecard reporting and assessment by data\n   stewards \xe2\x80\x94 All data stewards at profiled companies stress the importance of\n   consistent communication on the issues of data quality. By coordinating closely, data\n   stewards are better able to analyze data quality issues and set quality goals within\n   their business unit. Through meetings with senior data governance stakeholders,\n   data stewards also inform enterprise-wide data quality initiatives with opinions rooted\n   in realities of data quality performance within their business units. Data stewards at\n   interviewed organizations meet weekly to coordinate on data quality initiatives within\n\n\n                                            19\n\x0cU.S. Postal Service Data Governance                                                                DP-AR-13-004(R)\n\n\n\n     a business unit and hold monthly meetings with the data governance committee to\n     discuss enterprise-wide governance initiatives and strategies.\n\nStandardization of Data Definitions\n\n7. Assign data stewards the duty of business glossary development \xe2\x80\x94 To ensure data\n   consistency across the enterprise, organizations assign data stewards the role of\n   developing a consistent set of definitions for data assets. The common definitions\n   are then compiled in a business glossary that end-users across business units can\n   reference when creating reports. Data stewards solicit feedback from business users\n   during the process of glossary development. Without sufficient insight or feedback\n   from business users, a business glossary is unlikely to be uniformly adopted across\n   the organization and will thus fail at its primary purpose\xe2\x80\x94the resolution of data\n   consistency issues.\n\n8. Prioritize data glossary development during initial phases of a data governance\n   program \xe2\x80\x94 Best-in-class organizations publish a business glossary within\n   12 months of data governance initiation to stop 'bad habits' of conflicting data use\n   and storage. Organizations administer ongoing end-user surveys and publish a\n   business glossary within this timeframe to immediately align business users on new\n   protocols in creating, storing, and sharing data.\n\nIII. Data Location and Warehousing Best Practices\n\nLifecycle Management\n\n1. Develop clear guidelines for data lifecycle management \xe2\x80\x94 Guidelines on data\n   retention and disposal allow organizations to free up storage space by eliminating\n   data that are no longer needed by the user community. These policies also enhance\n   corporate capacity to comply with government and legal policies that require data\n   storage for specified periods. Effective lifecycle management is especially significant\n   for big data35 because these assets take a large toll on organizational storage\n   capacity.\n\nData Warehouse Architecture\n\n2. Centralize high priority master data in a single warehouse \xe2\x80\x94 Best-in-class\n   organizations with centralized and decentralized warehouse structures house top\n   priority, sensitive data in a single, autonomous warehouse. This allows IT to closely\n   monitor data access around priority data and decreases the threat of a security\n   breach or data corruption. The approach helps maintain a corporation\xe2\x80\x99s most\n   important data assets and inspires confidence in business analytics and reporting.\n\n\n\n35\n  Big data describe large data sets that cannot be analyzed via standard relationship databases and analytics tools\nbecause of size.\n\n                                                         20\n\x0cU.S. Postal Service Data Governance                                           DP-AR-13-004(R)\n\n\n\n3. Reserve space in the centralized enterprise warehouse for business users to store\n   business-unit specific information \xe2\x80\x94 Best-in-class organizations reserve business\n   unit-specific storage space to allow business users to store and rapidly retrieve\n   information used by their silo. Business units can thus store specialized data, such\n   as department specific summary tables or aggregations, in enterprise warehouses\n   where it can be properly monitored and managed by the IT organization.\n   Organizations that have or are moving towards a centralized warehousing structure,\n   like Postal Service, thus inhibit business units for establishing siloed data marts\n   without proper IT supervision.\n\n4. Architect warehouses to automatically update with incoming data to guarantee data\n   are relevant and up-to-date \xe2\x80\x94 Best-in-class data warehouses are engineered to\n   automatically pull updated data from business users and servers, guaranteeing that\n   data are current. Automated data upload stream data through a consistent channel,\n   optimizing warehouse performance and enabling data users to upload data instantly.\n   As a result, warehouses can support real-time business analytics functionality.\n\nData Warehouse Management Roles\n\n5. Dedicate a team of IT professionals to manage data warehouses and act as a liaison\n   between IT and business directors \xe2\x80\x94 Best-in-class corporations employ data\n   warehouse groups to manage the ongoing maintenance and continuous\n   improvement of enterprise warehouses (including central and distributed\n   warehouses). Such groups are comprised of data engineers and architects who are\n   well-versed in warehouse architecture design and understand the business needs of\n   the organization. Team members maintain close contact with the data governance\n   committee and work to develop new technical policies and procedures to enhance\n   end-user experiences. A data warehouse group thus enables data governance\n   directors to better understand the technical ramifications of governance policies and\n   ensure business user needs are met.\n\n6. Appoint IT employees to monitor data queries and enforce the established search\n   protocols \xe2\x80\x94 Best-in-class organizations develop clear protocols for search queries\n   to bar business users from unnecessarily requesting large amounts of data and\n   placing a burden on the overall data retrieval system. Organizations then appoint IT\n   staff to monitor data queries and hold business users who do not follow protocols\n   accountable. This enforcement model drastically lowers the likelihood of business\n   user circumvention of data query policies.\n\nData Classification\n\n7. Develop a data classification system to sort data into distinct tiers based on\n   priority \xe2\x80\x94 Best-in-class organizations create automated data classifications systems\n   to sort data into distinct tiers based on sensitivity and relevance. The tier definitions\n   are developed by the data governance committee with participation from the\n   business user community. Following definition development, the IT organization\n\n\n                                             21\n\x0cU.S. Postal Service Data Governance                                         DP-AR-13-004(R)\n\n\n\n   automates the classification process, tagging all incoming data with appropriate tier\n   classification. This allows IT to apply storage, lifecycle management, and quality\n   control policies specific to the data type within the tier.\n\nIV. Risk and Security Best Practices\n\n1. Merge established risk management policies with data management guidelines\n   developed under the auspices of a data governance program \xe2\x80\x94 Data governance\n   committees at interviewed organizations work closely with risk management offices\n   to standardize security policies across the enterprise and incorporate them into\n   overall data management guidelines. In fact, organizations often prioritize data risk\n   management as one of the key tenets of the data governance program. Data\n   governance policies and organizational structures reinforce existing security\n   measures and centralize them across silos. Accordingly, program stakeholders\n   assume responsibilities for security assessment and monitoring.\n\n2. Set clear guidelines for data access provisioning and conduct regular reviews of\n   data access rights \xe2\x80\x94 To minimize risk of unauthorized data access and security\n   breach, best-in-class data governance programs establish a clearly defined process\n   for users to gain data access rights. The process guidelines are distributed to all\n   silos and implemented consistently throughout the organization. IT organizations\n   then routinely review data access rights on a predetermined schedule to further\n   minimize risk.\n\nV. Data Utilization Best Practices\n\n1. Conduct regular surveys of end-user needs to enhance data utilization \xe2\x80\x94 Best-in-\n   class data governance organizations conduct routine assessments of business user\n   opinions to understand where current tools and policies fall short. This process\n   allows organizations to better meet business analytics needs of business users and\n   enhance personnel and business process efficiency. Profiled programs keep a close\n   pulse on end-user opinion, testing whether deployed tools or implemented policies\n   are beneficial to the enterprise\xe2\x80\x99s data consumers. This allows committees to quickly\n   identify areas for improvement. Well-informed strategies then lead to optimized data\n   utilization and end-user efficiency.\n\n2. Develop technology resources that direct business users to appropriate parties for\n   data retrieval and IT issues \xe2\x80\x94 Data governance committees at interviewed\n   organizations work alongside IT departments to develop an IT catalogue that\n   business users can use when they require assistance with data governance\n   procedures, data quality policies, and storage/retrieval issues. This allows business\n   users to save time when experiencing issues and quickly contact the relevant party\n   for their needs. In turn, the IT department is not inundated with multiple requests\n   from business users.\n\n\n\n\n                                            22\n\x0cU.S. Postal Service Data Governance                                                                  DP-AR-13-004(R)\n\n\n\n3. Develop user-friendly metadata36 views to enhance warehouse data queries \xe2\x80\x94\n   Metadata management technology allows companies to better understand, collect,\n   catalog, and manipulate enterprise data. It also provides a clear view of the\n   information contained in data warehouses, accurately grouping related data and\n   excluding irrelevant data. As a result, metadata expedite and simplify data searches,\n   directly benefiting the business user community. Metadata management is especially\n   significant in improving user ability to search big data because of the sheer size of\n   these assets. Metadata also enables IT departments to automate big data\n   monitoring, enhancing risk and quality management of this data type.\n\n4. Design business intelligence dashboard tools to help business users view and\n   analyze needed data \xe2\x80\x94 Best-in-class organizations design dashboards to allow for\n   superior data analytics and increase data utilization by the business user community.\n   Dashboards present data in a user-friendly format, employing charts and tables that\n   can be easily manipulated by the user without the risk of data corruption.\n   Dashboards are developed by IT with input from business users who specify what\n   data views are most actionable for their business needs.\n\n5. Designate an IT representative to every business user project team to assist with IT\n   issues and concerns \xe2\x80\x94 Project-driven organizations with strong governance\n   programs often assign an IT representative with a strong commitment to the\n   organization\xe2\x80\x99s data governance protocols to specific business projects to serve as a\n   liaison between the project team and IT staff. These IT representatives assist\n   business users with access rights and data retrieval for the duration of their project.\n   Business users thus benefit from direct and rapid assistance of the dedicated IT\n   representative. The IT representative meanwhile monitors and enforces data\n   retrieval and storage protocols, propagating the goals of the data governance\n   program.\n\n\n\n\n36\n Metadata are structured information that describe, explain, locate, or otherwise make it easier to retrieve, use, or\nmanage an information resource.\n\n                                                          23\n\x0cU.S. Postal Service Data Governance                                           DP-AR-13-004(R)\n\n\n\n    Appendix D: Suggested Best Practice Implementation Timeline\n\nBest-in-class organizations create a detailed roadmap for best practice implementation\nas part of the data governance initiative. Based on the experiences and\nrecommendations of interviewed organizations, we developed a suggested\nimplementation roadmap, divided into three phases of varying durations. Each phase\ncontains four key processes that should be executed in sequential order. All best\npractices contained in this document have been organized under these process\nelements, as illustrated in Figure 2:\n\n                   Figure 2. Best Practices by Process Element Category\n                                   Phase I: First 6 Months\n\n\n\n\nProcess                                                                      Component\n  Step                               Best Practice                               Area\n              Conduct an analysis of existing data governance policies     Corporate-wide\n Step 1\n              within individual business units.                            data strategy\n              Identify and involve key organizational stakeholders in\n                                                                           Corporate-wide\n              data governance implementation process via a central\n                                                                           data strategy\n              data governance committee.\n Step 2       Secure executive-level sponsorship to drive adoption of      Corporate-wide\n              data governance program across the organization.             data strategy\n              Assign program administrator roles with a focus on           Corporate-wide\n              overseeing data stewardship program.                         data strategy\n              Assign data steward responsibilities to individuals within\n                                                                           Corporate-wide\n Step 3       business units and the IT organization to develop and\n                                                                           data strategy\n              oversee data governance policies.\n              Demonstrate the business case for a formalized\n                                                                           Corporate-wide\n              enterprise data governance program to secure buy-in\n                                                                           data strategy\n              from business leaders.\n              Drive data definition and policy creation process via the\n                                                                           Corporate-wide\n Step 4       data governance committee with participation of\n                                                                           data strategy\n              business unit leaders.\n              Conduct regular educational sessions focused on data\n                                                                           Corporate-wide\n              governance for all employees that handle data within the\n                                                                           data strategy\n              organization.\nSource: OIG analysis.\n\n\n\n\n                                              24\n\x0cU.S. Postal Service Data Governance                                           DP-AR-13-004(R)\n\n\n\n                                      Phase II: 6-12 Months\n\n\n\n\nProcess                                                                      Component\n  Step                                Best Practice                              Area\n              Define and utilize metrics to measure data governance        Corporate-wide\n              initiative performance across the organization.              data strategy\n              Tie performance evaluation measures to business unit         Corporate-wide\n Step 1\n              progress in data governance policy implementation.           data strategy\n              Assess maturity of data standards in each business unit      Corporate-wide\n              and set maturity goals according to a defined timeline.      data strategy\n              Carry out a complete inventory of existing data stored       Corporate-wide\n Step 2\n              within business unit warehouses.                             data strategy\n              Assign data stewards the duty of business glossary           Data quality and\n              development.                                                 consistency\n Step 3\n              Prioritize data glossary development during initial phases   data quality and\n              of a data governance program.                                consistency\n              Prioritize a master set of data assets during the onset of   Data quality and\n              data governance initiatives.                                 consistency\n              Identify data quality issues through multilayered data       Data quality and\n              quality scorecard assessments.                               consistency\n              Assign scorecard development responsibility to data          Data quality and\n              stewards.                                                    consistency\n Step 4\n              Design user-friendly scorecards that allow business          Data quality and\n              users to self-diagnose data quality issues.                  consistency\n              Customize scorecards based on business units\xe2\x80\x99 data           Data quality and\n              assets and needs.                                            consistency\n              Institute a clear schedule for scorecard reporting and       Data quality and\n              assessment by data stewards.                                 consistency\nSource: OIG analysis.\n\n\n\n\n                                               25\n\x0cU.S. Postal Service Data Governance                                            DP-AR-13-004(R)\n\n\n\n                                      Phase III: 12-24 Months\n\n\n\n\nProcess\n  Step                             Best Practice                        Component Area\n              Merge established risk management policies with\n              data management guidelines developed under the           Risk and security\n Step 1       auspices of a data governance program.\n              Set clear guidelines for data access provisioning and\n                                                                       Risk and security\n              conduct regular reviews of data access rights.\n              Develop a data classification system to sort data into   Data location and\n Step 2\n              distinct tiers based on priority.                        warehousing\n              Develop clear guidelines for data lifecycle              Data location and\n              management.                                              warehousing\n              Centralize high priority master data in a single         Data location and\n              warehouse.                                               warehousing\n              Reserve space in the centralized enterprise\n                                                                       Data location and\n              warehouse for business users to store business-unit\n                                                                       warehousing\n              specific information.\n Step 3\n              Architect warehouses to automatically update with        Data location and\n              incoming data to ensure relevant and up-to-date data.    warehousing\n              Dedicate a team of IT professionals to manage data\n                                                                       Data location and\n              warehouses and act as a liaison between IT and\n                                                                       warehousing\n              business directors.\n              Appoint IT employees to monitor data queries and         Data location and\n              enforce the established search protocols.                warehousing\n              Conduct regular surveys of end-user needs to\n                                                                       Data utilization\n              enhance data utilization.\n              Develop technology resources for business users that\n              helps navigate them towards appropriate parties for      Data utilization\n              data retrieval and IT issues.\n              Develop user-friendly metadata views to enhance\n Step 4                                                                Data utilization\n              warehouse data queries.\n              Design dashboard tools to help business users view\n                                                                       Data utilization\n              and analyze needed data.\n              Designate an IT representative to every business\n              user project team to assist with IT issues and           Data utilization\n              concerns.\nSource: OIG analysis.\n\n\n\n\n                                                26\n\x0cU.S. Postal Service Data Governance                            DP-AR-13-004(R)\n\n\n\n\n                           Appendix E: Management's Comments\n\n\n\n\n                                          27\n\x0cU.S. Postal Service Data Governance        DP-AR-13-004(R)\n\n\n\n\n                                      28\n\x0c"